[GNUnet-SVN] r2033 - GNUnet-docs/WWW

From: grothoff
Subject: [GNUnet-SVN] r2033 - GNUnet-docs/WWW
Date: Wed, 31 Aug 2005 14:23:55 -0700 (PDT)

Author: grothoff
Date: 2005-08-31 14:23:53 -0700 (Wed, 31 Aug 2005)
New Revision: 2033
Modified:
GNUnet-docs/WWW/protocol_p2p_core.php3
GNUnet-docs/WWW/smtp.php3
GNUnet-docs/WWW/user_gnunet.php3
Log:
fix
Modified: GNUnet-docs/WWW/protocol_p2p_core.php3
===================================================================
--- GNUnet-docs/WWW/protocol_p2p_core.php3 2005-08-31 07:30:02 UTC (rev
2032)
+++ GNUnet-docs/WWW/protocol_p2p_core.php3 2005-08-31 21:23:53 UTC (rev
2033)
@@ -9,8 +9,8 @@
W("The GNUnet node-to-node (peer-to-peer) procotol currently defines seven
different messages that must be supported by all peers:");
EP();
echo "<ul>\n";
-LIV(extlink_("#HELO","HELO"));
-LIV(extlink_("#SKEY","SKEY"));
+LIV(extlink_("#HELLO","HELLO"));
+LIV(extlink_("#SETKEY","SETKEY"));
LIV(extlink_("#PING","PING"));
LIV(extlink_("#PONG","PONG"));
LIV(extlink_("#HANGUP","HANGUP"));
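Review bot: the unchanged context line at the top of this hunk still spells "procotol"; since the commit already edits this list, correct it to "protocol" in the same pass so the intro sentence of the core-protocol page reads cleanly.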
@@ -23,21 +23,21 @@
W("Thus it makes sense to refer to these messages as the core messages.");
P();
W("The most basic sequence is that a host sends a %s to any other host to
notify it of its existance on the network.",
- extlink_("#HELO","HELO"));
-W("The recipient of the HELO sends back a %s to confirm that the host is
actually reachable.",
+ extlink_("#HELLO","HELLO"));
+W("The recipient of the HELLO sends back a %s to confirm that the host is
actually reachable.",
extlink_("#PING","PING"));
W("The receiver of the PING always sends back a %s to confirm receit.",
extlink_("#PONG","PONG"));
P();
W("Later, either of the hosts sends the other host an %s message with an
encrypted %s to initiate a connection.",
- ARRAY(extlink_("#SKEY","SKEY"),
+ ARRAY(extlink_("#SETKEY","SETKEY"),
extlink_("#PING", "PING")));
-W("The receiver acknowledges this with another SKEY, which also contains a new
PING and a %s that corresponds to the PING that was received earlier.",
+W("The receiver acknowledges this with another SETKEY, which also contains a
new PING and a %s that corresponds to the PING that was received earlier.",
extlink_("#PONG","PONG"));
W("Again, the PING is answered with an encrypted %s.",
extlink_("#PONG","PONG"));
-W("If no PONG is received, either side can send another SKEY and PING.");
-W("If an SKEY is repeated after a short period of time, the secret key should
not be changed.");
+W("If no PONG is received, either side can send another SETKEY and PING.");
+W("If an SETKEY is repeated after a short period of time, the secret key
should not be changed.");
W("This sequence is pretty much equivalent to the initial three-way handshake
in TCP.");
P();
W("The following diagram illustrates a possible sequence of messages:");
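Review bot: the rename introduces a grammar error in the added line `+W("If an SETKEY is repeated after a short period of time, the secret key` - "an" fitted "SKEY" (ess-key) but not "SETKEY", so this should read "If a SETKEY is repeated". The unchanged context in the same hunk also carries "existance" (existence) and "confirm receit" (receipt), which could be fixed while the paragraph is being touched.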
@@ -52,7 +52,7 @@
W("Nodes then exchange application specific mesages.");
W("%s must be used to make packets look uniform in size.",
extlink_("#NOISE","NOISE"));
-W("The MTU is determined by the transport layer and advertised in the HELO
message.");
+W("The MTU is determined by the transport layer and advertised in the HELLO
message.");
W("%s can be used by any of the nodes to drop the connection.",
extlink_("#HANGUP","HANGUP"));
W("A connection that is inactive for a long time (about 15 minutes) is also
considered dropped.");
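Review bot: the rename itself is fine; the context line `W("Nodes then exchange application specific mesages.");` has a typo ("messages") that could be fixed in the same commit.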
@@ -78,48 +78,48 @@
W("However, how this is done depends on the specific transport.");
EP();
-ANCHOR("HELO");H4("HELO");
+ANCHOR("HELLO");H4("HELLO");
BP();
-W("A HELO packet is used to propagate information about participating nodes
throughout GNUnet.");
+W("A HELLO packet is used to propagate information about participating nodes
throughout GNUnet.");
W("Each GNUnet node is identified by its public key K.");
W("Throughout GNUnet, the public key of a node is often abbreviated by just
the hash of K, short H(K).");
P();
-W("The HELO packet is the way nodes propagate public keys of other nodes.");
+W("The HELLO packet is the way nodes propagate public keys of other nodes.");
W("Furthermore, the identity of the node is <strong>bound</strong> to an
address.");
W("How an address is specified depends on the underlying transport mechanism
that is used.");
W("For example, the UDP service uses the IP and the UDP port.");
W("An SMTP transport implementation may choose to use an E-mail address.");
W("GNUnet nodes can have multiple addresses and change addresses at any time,
e.g. if the IP is dynamically assigned, like in DHCP or on dialup.");
W("The %s is used to notify other hosts of a changed address.",
- extlink_("doxygen/html/structHELO__Message.html","HELO message"));
+ extlink_("doxygen/html/structHELLO__Message.html","HELLO message"));
P();
W("<strong>Security considerations</strong>.");
W("Malicious nodes could disrupt GNUnet by telling nodes fake addresses.");
-W("As nodes forward HELOs from other nodes, malicious hosts could replace the
address of the original node by an invalid address.");
-W("In order to prevent this, the address portion of a HELO must be signed with
the private key of the node.");
-W("In order to prevent malicious hosts from forwarding outdated addresses, the
signed portion of a HELO also contains a timestamp stating how long the HELO is
going to be valid.");
-W("The administrator of each node can specify how long the HELOs signed by
that node are going to be valid; the administrator is in the best position to
judge how long the current address will be valid.");
+W("As nodes forward HELLOs from other nodes, malicious hosts could replace the
address of the original node by an invalid address.");
+W("In order to prevent this, the address portion of a HELLO must be signed
with the private key of the node.");
+W("In order to prevent malicious hosts from forwarding outdated addresses, the
signed portion of a HELLO also contains a timestamp stating how long the HELLO
is going to be valid.");
+W("The administrator of each node can specify how long the HELLOs signed by
that node are going to be valid; the administrator is in the best position to
judge how long the current address will be valid.");
P();
-W("Another security concern is where hosts send out valid, signed HELO
messages with IPs of non-participating machines.");
-W("The goal of this attack could either be to flood the non-participating
hosts with traffic (trick GNUnet into performing an attack) or to make it hard
for the receiver to find a valid GNUnet host in the ocean of addresses that it
learned from the HELOs.");
-W("GNUnet defends against this type of attack by sending a PING to the
acclaimed host and only believes the HELO of a PONG is received.");
-W("Thus the malicious host sending fake HELOs will fail to trick GNUnet into
repeatedly trying to connect to the non-participating host.");
+W("Another security concern is where hosts send out valid, signed HELLO
messages with IPs of non-participating machines.");
+W("The goal of this attack could either be to flood the non-participating
hosts with traffic (trick GNUnet into performing an attack) or to make it hard
for the receiver to find a valid GNUnet host in the ocean of addresses that it
learned from the HELLOs.");
+W("GNUnet defends against this type of attack by sending a PING to the
acclaimed host and only believes the HELLO of a PONG is received.");
+W("Thus the malicious host sending fake HELLOs will fail to trick GNUnet into
repeatedly trying to connect to the non-participating host.");
P();
-W("Receivers of HELOs must verify the signature and check that the HELO has
not expired.");
-W("Nodes should delete HELOs that have expired for a long time.");
-W("HELOs that expired just a short time ago may belong to nodes that may
re-appear.");
-W("GNUnet nodes may still keep trying to connect to these nodes, but their
HELOs should no longer be propagated.");
-W("HELOs can be send to hosts without an established encrypted connection (in
plaintext).");
-W("This is necessary because HELOs and %ss are needed to form the encrypted
channel in the first place.",
- EXTLINK_("#SKEY","SKEY"));
-W("Once an encrypted channel was formed, nodes can exchange HELOs via that
channel.");
+W("Receivers of HELLOs must verify the signature and check that the HELLO has
not expired.");
+W("Nodes should delete HELLOs that have expired for a long time.");
+W("HELLOs that expired just a short time ago may belong to nodes that may
re-appear.");
+W("GNUnet nodes may still keep trying to connect to these nodes, but their
HELLOs should no longer be propagated.");
+W("HELLOs can be send to hosts without an established encrypted connection (in
plaintext).");
+W("This is necessary because HELLOs and %ss are needed to form the encrypted
channel in the first place.",
+ EXTLINK_("#SETKEY","SETKEY"));
+W("Once an encrypted channel was formed, nodes can exchange HELLOs via that
channel.");
EP();
LAYOUT("P2P_hello_MESSAGE",
F(ARRAY(N("message size (600 + X)", NBO_()) => 2,
V("request type", 0, NBO_()) => 2,
- N("RSA signature (signing data starting from sender id to end of
HELO)","") => 256,
+ N("RSA signature (signing data starting from sender id to end of
HELLO)","") => 256,
V("size of public key (T)", 264, NBO_()) => 2,
V("size of n in bytes (N)", 256, NBO_()) => 2,
N("n in public RSA key (N bytes)", "") => 256,
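Review bot: the security-considerations paragraph rewritten by this hunk still carries a wording defect that obscures the rule it describes: `+W("GNUnet defends against this type of attack by sending a PING to the` / `acclaimed host and only believes the HELLO of a PONG is received.");` should read "claimed host and only believes the HELLO if a PONG is received", otherwise the sentence does not actually state that a HELLO is trusted only after the PING/PONG round trip succeeds. In the same hunk `+W("HELLOs can be send to hosts without an established encrypted connection` should say "sent". Also note that the doxygen link was changed to structHELLO__Message.html while the LAYOUT below names the structure P2P_hello_MESSAGE; confirm that the generated page exists under the new file name before this goes live.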
@@ -134,32 +134,32 @@
-ANCHOR("SKEY");H4("SKEY");
+ANCHOR("SETKEY");H4("SETKEY");
BP();
-W("Sessionkeys are 128 bit keys for blowfish, a symmetric cipher that is used
for all communication between GNUnet nodes except %ss and SKEYs themselves (for
those, RSA with 2048 bit keys is used).",
- extlink_("#HELO","HELO"));
+W("Sessionkeys are 128 bit keys for blowfish, a symmetric cipher that is used
for all communication between GNUnet nodes except %ss and SETKEYs themselves
(for those, RSA with 2048 bit keys is used).",
+ extlink_("#HELLO","HELLO"));
P();
W("A session between two GNUnet nodes is the existance of a pair of
sessionkeys between the two nodes that have been confirmed by receiving an
encrypted PONG response to an encrypted PING challenge.");
W("Even if the underlying protocol may be connectionless, the notion of a
session is still meaningful for GNUnet.");
P();
W("A session key exchange may be initiated by either node.");
-W("SKEYS are always encrypted with the public key of the receiving node.");
+W("SETKEYS are always encrypted with the public key of the receiving node.");
W("The sender of a session key not only encrypts the key with the public key
of the receiver but also signs it (together with an creation time) with its own
private key.");
W("The transmitted key is the key that the sender will use in the future.");
-W("An SKEY always contains an encrypted PING message.");
-W("An SKEY may furthermore contain an encrypted PONG message, in particular if
the SKEY is transmitted in response to an SKEY+PING message.");
-W("The encrypted portion is part of the SKEY message since the overall message
is still in plaintext.");
+W("An SETKEY always contains an encrypted PING message.");
+W("An SETKEY may furthermore contain an encrypted PONG message, in particular
if the SETKEY is transmitted in response to an SETKEY+PING message.");
+W("The encrypted portion is part of the SETKEY message since the overall
message is still in plaintext.");
W("While the symmetric key is encrypted and signed using RSA, the PING (and
PONG) are encrypted with the symmetric cipher.");
-W("SKEY messages are usually not send through an encrypted channel.");
-W("If nodes that already have an SKEY pair decide to exchange a fresh
sessionkey, that key may be send via the encrypted channel.");
+W("SETKEY messages are usually not send through an encrypted channel.");
+W("If nodes that already have an SETKEY pair decide to exchange a fresh
sessionkey, that key may be send via the encrypted channel.");
W("However, even in that case, the key must also be encrypted with the public
key of the receiving node.");
P();
W("The sender must remember the sessionkey and can start using it after
receiving an acknowledgement in the form of a %s from the receiver.",
extlink_("#PONG","PONG"));
-W("The PONG must be encrypted and can be transmitted either as part of the
symmetrically encrpyted portion of another SKEY or as an ordinary encrypted
message.");
+W("The PONG must be encrypted and can be transmitted either as part of the
symmetrically encrpyted portion of another SETKEY or as an ordinary encrypted
message.");
P();
-W("The format of an SKEY message is the following:");
+W("The format of an SETKEY message is the following:");
EP();
LAYOUT("P2P_setkey_MESSAGE",
F(ARRAY(N("message size (520 + X)", NBO_()) => 2,
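Review bot: "An SETKEY" appears in three of the added lines (`+W("An SETKEY always contains an encrypted PING message.");` and the two sentences after it); now that the name no longer starts with a vowel sound the article should be "A SETKEY" (and "a SETKEY+PING message"). The added lines `+W("SETKEY messages are usually not send through an encrypted channel.");` and `sessionkey, that key may be send via the encrypted channel.");` should both say "sent", and the unchanged "symmetrically encrpyted portion" is misspelled ("encrypted").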
@@ -174,17 +174,17 @@
W("Using the RSA signature as the initialization vector, this key can be used
to decrypt the PINGs and PONGs (if present).");
W("The sessionkey is also used for all future communication with the peer
(until HANGUP or timeout).");
W("If PINGs are transmitted, the peer should respond by sending an encrypted
PONG.");
-W("If the peer has not yet transmitted a session key, the PONG can be included
in another SKEY message that is transmitted in response.");
+W("If the peer has not yet transmitted a session key, the PONG can be included
in another SETKEY message that is transmitted in response.");
W("If a PONG is included, this should be verified and if it matches a prior
PING used as confirmation that the other peer has received an earlier
sessionkey.");
EP();
ANCHOR("PING");H4("PING");
BP();
W("PINGs are used to test if a node receives messages correctly.");
-W("PINGs are exchanged in encrypted messages, as part of SKEYs and in
plaintext.");
+W("PINGs are exchanged in encrypted messages, as part of SETKEYs and in
plaintext.");
W("The receit of a PING must be answered by a PONG with identical body (the
receiver just changes the type).");
W("An encrypted PING must be answered by an encrypted PONG.");
-W("It does not matter if the encrypted PONG is encrypted as part of an SKEY or
part of an ordinary encrypted message.");
+W("It does not matter if the encrypted PONG is encrypted as part of an SETKEY
or part of an ordinary encrypted message.");
W("The challenge number in a PING is a random number that is used to make it
impractical for an adversary to guess the contents of the PING and thus hard to
fake a PONG response.");
P();
W("The identity stored in the PING is the identity of the receiver.");
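Review bot: `+W("It does not matter if the encrypted PONG is encrypted as part of an SETKEY` should read "a SETKEY" for the same reason as in the earlier hunks; the context line `W("The receit of a PING must be answered by a PONG with identical body` should say "receipt".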
Modified: GNUnet-docs/WWW/smtp.php3
===================================================================
--- GNUnet-docs/WWW/smtp.php3 2005-08-31 07:30:02 UTC (rev 2032)
+++ GNUnet-docs/WWW/smtp.php3 2005-08-31 21:23:53 UTC (rev 2033)
@@ -95,7 +95,7 @@
W("Finally, you need to add <tt>smtp</tt> to the list of <tt>TRANSPORTS</tt>
in the <tt>GNUNETD</tt> section.");
W("GNUnet peers will use the E-mail address that you specified to contact your
peer until the advertisement times out.");
W("Thus, if you are not sure if everything works properly or if you are not
planning to be online for a long time, you may want to configure this timeout
to be short, e.g. just one hour.");
-W("For this, set <tt>HELOEXPIRES</tt> to <tt>1</tt> in the <tt>GNUNETD</tt>
section.");
+W("For this, set <tt>HELLOEXPIRES</tt> to <tt>1</tt> in the <tt>GNUNETD</tt>
section.");
P();
W("This should be it, but you may probably want to %s it first.\n",
extlink_("#tst","test"));
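Review bot: renaming the documented option from HELOEXPIRES to HELLOEXPIRES is only correct if gnunetd reads the new key; if the daemon still accepts the old name (or both), state that here, because a user who follows this page and sets a key the daemon ignores falls back to the default advertisement lifetime and keeps advertising the SMTP address long after going offline, which is exactly the situation this paragraph tells them to avoid.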
Modified: GNUnet-docs/WWW/user_gnunet.php3
===================================================================
--- GNUnet-docs/WWW/user_gnunet.php3 2005-08-31 07:30:02 UTC (rev 2032)
+++ GNUnet-docs/WWW/user_gnunet.php3 2005-08-31 21:23:53 UTC (rev 2033)
@@ -138,14 +138,14 @@
W("All of the options described here refer to the server configuration.");
W("This section describes the most important options to setup
<tt>gnunetd</tt>.");
W("If you are on dialup, look at %s and probably %s.",
- ARRAY(extlink_("#gnunet.conf.heloexpires", "HELOEXPIRES"),
+ ARRAY(extlink_("#gnunet.conf.helloexpires", "HELLOEXPIRES"),
extlink_("#gnunet.conf.interfaces", "INTERFACES")));
W("If you are behind a NAT box, look at %s.",
extlink_("#gnunet.conf.ip", "IP"));
W("If you are a frontier host that is accessible from a trusted LAN and
connected to the Internet, have a look at %s, %s and %s.",
ARRAY(extlink_("#gnunet.conf.trusted", "TRUSTED"),
extlink_("#gnunet.conf.blacklist", "BLACKLIST"),
- extlink_("#gnunet.conf.heloexchange", "HELOEXCHANGE")));
+ extlink_("#gnunet.conf.heloexchange", "HELLOEXCHANGE")));
P();
W("The configuration of the SMTP transport layer is described %s",
intlink_("smtp.php3","here"));
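Review bot: the link text was updated but the anchor was not: `+ extlink_("#gnunet.conf.heloexchange", "HELLOEXCHANGE")));` still points at #gnunet.conf.heloexchange, while the later hunk in this file renames the target to ANCHOR("gnunet.conf.helloexchange"). The link will be dead; change it to "#gnunet.conf.helloexchange", as was done for HELLOEXPIRES in the line just above.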
@@ -183,10 +183,10 @@
extlink_("http://www.technopagan.org/dynamic/&quot;, "Dynamic DNS"));
EP();
-ANCHOR("gnunet.conf.heloexchange");H4("NETWORK: HELOEXCHANGE");
+ANCHOR("gnunet.conf.helloexchange");H4("NETWORK: HELLOEXCHANGE");
BP();
-W("If you set this option to <tt>NO</tt> your node will not forward HELO
messages that advertise other nodes.");
+W("If you set this option to <tt>NO</tt> your node will not forward HELLO
messages that advertise other nodes.");
W("This option only makes sense if your node bridges two networks that both
contain GNUnet nodes but that can not contact each other directly.");
W("The default value is <tt>YES</tt>.");
W("Stick to the default if you are unsure.");
@@ -339,7 +339,7 @@
W("If you are adventurous, you can supplement the last option with the SMTP
transport, which is difficult to configure but will allow NAT-to-NAT
communication.");
EP();
-ANCHOR("gnunet.conf.heloexpires");H4("GNUNETD: HELOEXPIRES");
+ANCHOR("gnunet.conf.helloexpires");H4("GNUNETD: HELLOEXPIRES");
BP();
W("This option specifies how long (in minutes) your node will claim to be
reachable under the current IP.");
W("If you have a permanent IP, a couple of days can be a reasonable value.");
@@ -539,11 +539,11 @@
"# ping messages received :
0\n" .
"# pong messages sent :
0\n" .
"# pong messages received :
0\n" .
- "# HELO messages received from http server :
34\n" .
- "# HELO messages received overall :
1\n" .
- "# valid HELO messages received :
0\n" .
- "# HELO messages forwarded from other peers :
0\n" .
- "# HELO messages originated :
0\n");
+ "# HELLO messages received from http server :
34\n" .
+ "# HELLO messages received overall :
1\n" .
+ "# valid HELLO messages received :
0\n" .
+ "# HELLO messages forwarded from other peers :
0\n" .
+ "# HELLO messages originated :
0\n");
BP();
W("The number of connected hosts is the nummber of hosts that the local node
is directly connected to (1 hop).");
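Review bot: these lines are sample gnunet-stats output, so changing the counter labels to "# HELLO messages ..." is only right if the statistics strings emitted by the daemon were renamed identically; otherwise readers comparing their output against this page will see "# HELO messages ..." and assume something is wrong. The trailing context line `W("The number of connected hosts is the nummber of hosts that the local node` has a typo ("number").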